全部產品
Search
文件中心

Database Backup:如何開通Database BackupDBS服務

更新時間:Oct 25, 2024

初次使用Database BackupDBS時,您需要將角色許可權(AliyunDBSDefaultRole)授權給DBS,並開通Object Storage Service,以允許DBS訪問、查詢和管理您的資料庫,並將資料庫即時備份到OSS。該授權操作是為了確保DBS備份恢複服務的正常運行,對DBS備份執行個體的效能不產生任何影響。

前提條件

登入阿里雲帳號。具體操作,請參見註冊阿里雲帳號

步驟一:授權DBS服務關聯角色

DBS服務關聯角色(AliyunServiceRoleForDBS)是具備其他雲端服務存取權限的RAM角色,DBS接入您在阿里雲購買的雲資料庫(如RDS、MongoDB、 Redis、PolarDB)或阿里雲ECS上自建的資料庫時,需通過AliyunServiceRoleForDBS擷取存取權限。更多資訊,請參見服務關聯角色

初次使用Database BackupDBS時,您需要將服務關聯角色(AliyunServiceRoleForDBS)授權給DBS。許可權詳情,請參見附錄:AliyunServiceRoleForDBS介紹

  1. 登入DBS控制台

  2. 在彈出的提示對話方塊中,單擊授權DBS服務關聯角色

    說明

    若登入控制台後,沒有彈出提示授權的對話方塊,則無需執行本文後續操作,您可以開始建立備份。

  3. 單擊確定

    此時,您已建立DBS服務關聯角色(AliyunServiceRoleForDBS),若您需要刪除服務關聯角色(AliyunServiceRoleForDBS),請參見刪除RAM角色

步驟二:開通Object Storage Service

開通Object Storage Service不會產生費用。開通後,您使用DBS進行備份時,DBS才能將備份資料存入OSS(雲端儲存)中。

  1. 登入DBS控制台

  2. 在彈出的提示對話方塊中,單擊立即開通使用OSS

  3. 在彈出的對話方塊中,單擊立即開通

  4. Object Storage Service頁面,閱讀並勾選服務合約,單擊立即開通

至此,您已開通Database BackupDBS服務。

附錄:AliyunServiceRoleForDBS介紹

角色名稱:AliyunServiceRoleForDBS

角色權限原則:AliyunServiceRolePolicyForDBS

許可權說明:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "rds:DescribeDBInstanceNetInfo",
        "rds:DescribeDBInstanceNetInfoForChannel",
        "rds:DescribeTasks",
        "rds:DescribeDBInstances",
        "rds:DescribeFilesForSQLServer",
        "rds:DescribeImportsForSQLServer",
        "rds:DescribeSlowLogRecords",
        "rds:DescribeBinlogFiles",
        "rds:DescribeSQLLogRecords",
        "rds:DescribeParameters",
        "rds:DescribeParameterTemplates",
        "rds:DescribeDBInstanceAttribute",
        "rds:DescribeDatabases",
        "rds:DescribeAccounts",
        "rds:DescribeSecurityIPList",
        "rds:DescribeSecurityIps",
        "rds:DescribeDBInstanceIPArray",
        "rds:DescribeDBInstanceIPArrayList",
        "rds:DescribeDBInstanceSSL",
        "rds:DescribeDBInstanceTDE",
        "rds:CreateDBInstance",
        "rds:CreateAccount",
        "rds:CreateDatabase",
        "rds:ModifySecurityIps",
        "rds:GrantAccountPrivilege",
        "rds:CreateMigrateTask",
        "rds:CreateOnlineDatabaseTask",
        "rds:DescribeMigrateTasks",
        "rds:DescribeOssDownloads",
        "rds:CreateBackup",
        "rds:DescribeBackups",
        "rds:DescribeBackupPolicy",
        "rds:ModifyBackupPolicy",
        "rds:DescribeBackupTasks",
        "rds:DescribeBinlogFiles"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:DescribeInstance",
        "ecs:DescribeInstances",
        "ecs:DescribeVpcs",
        "ecs:DescribeSecurityGroups",
        "ecs:DescribeSecurityGroupAttribute",
        "ecs:AuthorizeSecurityGroup",
        "ecs:JoinSecurityGroup",
        "ecs:RevokerSecurityGroup"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kms:ListKeys"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cms:PutEventRule",
        "cms:PutEventTargets",
        "cms:ListEventRules",
        "cms:ListEventTargetsByRule",
        "cms:DeleteEventRule",
        "cms:DeleteEventTargets"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "polardb:DescribeDBClusterIPArrayList",
        "polardb:DescribeDBClusterNetInfo",
        "polardb:DescribeDBClusters",
        "polardb:ModifySecurityIps",
        "polardb:DescribeDBClusterEndpoints",
        "polardb:DescribeDBClusterAccessWhitelist",
        "polardb:ModifyDBClusterAccessWhitelist"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dds:DescribeDBInstanceAttribute",
        "dds:DescribeReplicaSetRole",
        "dds:DescribeSecurityIps",
        "dds:DescribeDBInstances",
        "dds:ModifySecurityIps"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "kvstore:DescribeSecurityIps",
        "kvstore:DescribeInstances",
        "kvstore:DescribeAccounts",
        "kvstore:DescribeDBInstanceNetInfo",
        "kvstore:CreateAccount",
        "kvstore:ModifySecurityIps",
        "kvstore:DescribeInstanceAttribute",
        "kvstore:AllocateInstancePrivateConnection",
        "kvstore:DescribeLogicInstanceTopology"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "drds:DescribeDrdsDB",
        "drds:DescribeDrdsDBs",
        "drds:DescribeDrdsDbInstance",
        "drds:DescribeDrdsDbInstances",
        "drds:DescribeDrdsDBIpWhiteList",
        "drds:DescribeDrdsInstances",
        "drds:ModifyDrdsIpWhiteList",
        "drds:CreateDrdsDB",
        "drds:DescribeTable",
        "drds:DescribeTables",
        "drds:ModifyRdsReadWeight",
        "drds:ChangeAccountPassword",
        "drds:CreateDrdsInstance",
        "drds:CreateInstanceAccount",
        "drds:CreateInstanceInternetAddress",
        "drds:DescribeInstanceAccounts"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVpcs"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },    
    {
       "Action": [
         "bssapi:QueryResourcePackageInstances"
      ],
       "Resource": "*",
       "Effect": "Allow"
    },
    {
      "Action": "hdm:AddHDMInstance",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
          "StringEquals": {
              "ram:ServiceName": "dbs.aliyuncs.com"
          }
        }
    }
  ]
}

相關文檔